Wednesday, July 25, 2007

Sunday, July 15, 2007

I was reading a book called Core Security Patterns from Sun today, and in the introduction chapter they state:

"A Gartner Group report [CSO online] estimates that employees of companies are responsible for more than 70% of the unauthorized access to information systems in those companies. It is also employees of companies who perpetrate more than 95% of information systems intrusions that cause significant financial losses."

So when I ask - do you just "trust" your managed data center employees like the managed hosting companies would like you to do? No. Audit everything. If they cannot provide an audit trail that explicitly defines who accessed your server, on what day and at what time, and what they did, you'll need to keep your password to yourself, manage access to your server and do your own auditing -- don't use that company.

And for all those companies that swear up and down that they are invincible and secure, I say no one is ever 100% secure and constant auditing and monitoring is needed. Case in point, this book says:

"According to an FBI survey [eWeek] of 500 companies, 90 percent say they'd had a computer security breach, and 80 percent of those said they'd suffered a financial loss as a result."

There are more reports and examples in the book, as well as a good list of security patterns for those who use a programming language that allows you to, in my opinion, have more control over your environment, such as with a Java web server. I say that because you cannot get the IIS source code...

Not sure I agree, however. I don't know if this person understands exactly what was done in this case, and yes, it should have been done sooner, but the fact is that prior to this, network admins didn't pay attention to traffic much at all unless it took down a machine. The fact that the government is involved and looking at the problem is a major step forward, as we all know how long it takes to get the government moving... business has financial motivation. The government is pushed by voters, and many voters don't even understand what is going on. So I say go Microsoft, go FBI, and keep going - do more. Catch them and start whacking people with fines and putting them in jail the same way the Enron guys were put in jail - as an example to all: yes, you will pay. But make the price high.

The note about cutting off criminal resources is interesting. Yes, we can and should do more about this problem, but at least someone "gets it," and it is a step in the right direction. That's my take.

And as for the last line, yeah right. I'm going to let some (supposedly) ex-hacker "fix" my machine. Time for a reality check.

I would like to know how someone is able to get a null IP address into our logs. I would like to make this impossible and put a stop to it. All web server vendors need to look into this. Of course, we have backup logging that handles this issue.
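The practical check for the problem above, as an added example that is not part of the original post: a small scanner that reads web server access log lines in the common Apache/NCSA combined format and flags every entry whose client address is empty, a placeholder such as "-" or "null", the unspecified address 0.0.0.0, or not an IP address at all. The sample log lines are constructed for this example (192.0.2.x and 198.51.100.x are documentation ranges, not real visitors), and the set of "null" placeholder strings is an assumption about what various servers and proxies emit when the peer address is unknown.

```python
import ipaddress
import re

# Apache/NCSA "combined" log format. The host field is \S* (not \S+) on
# purpose so that a line whose client address is entirely absent still
# parses and can be flagged instead of being silently dropped.
COMBINED_RE = re.compile(
    r'^(?P<host>\S*) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed placeholder values seen when a server/proxy does not know the
# peer address. Extend this for whatever your own server writes.
NULL_HOST_VALUES = {"", "-", "null", "(null)", "unknown"}

# Constructed sample log (not real traffic). Line 2 has an empty host
# field, line 3 a "-" placeholder, line 5 the unspecified address, and
# line 6 a hostname (what HostnameLookups On would produce).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Jul/2007:10:12:01 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
 - - [15/Jul/2007:10:12:02 -0400] "GET /admin/ HTTP/1.1" 404 312 "-" "Mozilla/4.0"
- - - [15/Jul/2007:10:12:03 -0400] "GET /login HTTP/1.1" 200 1024 "-" "curl/7.16"
198.51.100.7 - - [15/Jul/2007:10:12:04 -0400] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/4.0"
0.0.0.0 - - [15/Jul/2007:10:12:05 -0400] "GET / HTTP/1.1" 200 10 "-" "-"
host.example.invalid - - [15/Jul/2007:10:12:06 -0400] "GET /robots.txt HTTP/1.1" 200 68 "-" "-"
"""


def classify_host(host):
    """Return None if host is a usable client IP, else a short reason string."""
    if host.strip().lower() in NULL_HOST_VALUES:
        return "missing"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostnames (HostnameLookups On) and garbage both land here.
        return "not-an-ip"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "unspecified"
    return None


def find_anomalous_entries(log_text):
    """Return a list of (line_number, reason, raw_line) for suspicious entries.

    Lines that do not match the combined format at all are reported as
    'unparseable' rather than skipped, since a log that cannot be parsed
    is just as useless for attribution as one with a null address.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        m = COMBINED_RE.match(line)
        if m is None:
            findings.append((lineno, "unparseable", line))
            continue
        reason = classify_host(m.group("host"))
        if reason is not None:
            findings.append((lineno, reason, line))
    return findings


if __name__ == "__main__":
    for lineno, reason, line in find_anomalous_entries(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {line}")
```

Run this against the real access log (or the backup log, to compare the two) rather than the sample, and treat every "missing" or "unparseable" hit as a gap in attribution: if the server could not record who made the request, the entry cannot answer who accessed the machine and when.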

And see my last post for the matching IP address. Not sure which one but one of those generated this:

Was just reading a report in the paper that said 100% of the 24 defective toys recalled in the US this year came from China. There was also some toothpaste contaminated with poison coming from China which was distributed to US prisons.